Bluefin Issues White Paper on Nacha Supplemental Data Security Rule and Bluefin’s ShieldConex Data Security Platform
The new rule will require the protection of stored ACH account numbers starting in June 2021.
Bluefin, the leading provider of payment security technologies, including PCI-validated Point-to-Point Encryption (P2PE) solutions and ShieldConex data tokenization, announced the issuance of a new white paper authored by Alpine Security Consulting on Nacha’s upcoming rule on Supplementing Data Security Requirements.
Beginning on June 30th, 2021, the new Nacha rule states that organizations handling over 6 million ACH payments annually will need to protect Account Numbers when at rest (stored electronically). On June 30th, 2022, the Rule will extend to organizations with over 2 million ACH payments annually.
“Data breaches are at an all-time high, with the number of breaches increasing 273% in the first quarter, compared to the same time last year, according to a study by cloud computing company Iomart,” said Ruston Miles, founder, Bluefin. “Cybercriminals are attacking every point of entry, whether online or at the point-of-sale, while simultaneously hacking into systems and networks to find clear-text personal and financial data that they can then resell on the Dark Web. Consumer account information is one of the most lucrative pieces of data that needs to be protected upon entry and storage.”
Recommended AI News: King & Union Introduces Fractional Ownership Of Premium Threat Intelligence
In 1986, Nacha updated their rules with a Data Security Policy aimed at encouraging ACH participants to implement up-to-date data security techniques and then stay current with relevant data security techniques to ensure a high level of quality and reliability to the ACH network. Since then, additional updates have been made to clarify the important aspects of data security, and to introduce timelines for more specific enforcement of the updates.
“The supplement highlights a specific area within Nacha’s Section 1.6, specifying what data must be protected when at rest – Account Numbers – and also specifies that this applies to electronic storage as part of the ACH process,” said Dan Fritsche, CISSP, author of the paper and founder of Alpine Security Consulting. “The paper also includes information on NACHA’s existing requirements for transmission security and the alignment of storage and transmission protection rules relative to PCI requirements.”
Recommended AI News: Konica Minolta Launches New Managed Application Services Packages